GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-01-09 21:36:19
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-2 KINGSTON_SH103S3120G rev.507KC4 111,79GB
Running: GMER.exe; Driver: C:\Users\Kamilo\AppData\Local\Temp\fwxdapod.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528  fffff80003bb2000 45 bytes [00, 10, 00, 00, 00, 00, 00, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575  fffff80003bb202f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text     C:\Windows\System32\win32k.sys!W32pServiceTable  fffff96000164300 7 bytes [00, A1, F3, FF, 41, B4, F0]
.text     C:\Windows\System32\win32k.sys!W32pServiceTable + 8  fffff96000164308 3 bytes [00, 07, 02]

---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2812]  C:\Windows\syswow64\USER32.dll!DrawIconEx  0000000075164879 5 bytes JMP 0000000103781120
.text  C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2812]  C:\Windows\syswow64\USER32.dll!GetIconInfo  00000000751649ea 5 bytes JMP 0000000103781030
.text  C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2812]  C:\Windows\syswow64\USER32.dll!GetCursor  000000007517f6e0 5 bytes JMP 0000000103781080
.text  C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2812]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  0000000075d01465 2 bytes [D0, 75]
.text  C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2812]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000075d014bb 2 bytes [D0, 75]
.text  ...  * 2
.text  C:\Program Files\Plus Internet\Plus Internet.exe[4828]  C:\Windows\syswow64\user32.DLL!DrawIconEx  0000000075164879 5 bytes JMP 0000000104d11120
.text  C:\Program Files\Plus Internet\Plus Internet.exe[4828]  C:\Windows\syswow64\user32.DLL!GetIconInfo  00000000751649ea 5 bytes JMP 0000000104d11030
.text  C:\Program Files\Plus Internet\Plus Internet.exe[4828]  C:\Windows\syswow64\user32.DLL!GetCursor  000000007517f6e0 5 bytes JMP 0000000104d11080
.text  C:\Program Files (x86)\AVG\AVG2014\avgui.exe[2492]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  0000000075d01465 2 bytes [D0, 75]
.text  C:\Program Files (x86)\AVG\AVG2014\avgui.exe[2492]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000075d014bb 2 bytes [D0, 75]
.text  ...  * 2
.text  C:\Users\Kamilo\Desktop\GMER.exe[2528]  C:\Windows\syswow64\USER32.dll!DrawIconEx  0000000075164879 5 bytes JMP 0000000110001120
.text  C:\Users\Kamilo\Desktop\GMER.exe[2528]  C:\Windows\syswow64\USER32.dll!GetIconInfo  00000000751649ea 5 bytes JMP 0000000110001030
.text  C:\Users\Kamilo\Desktop\GMER.exe[2528]  C:\Windows\syswow64\USER32.dll!GetCursor  000000007517f6e0 5 bytes JMP 0000000110001080

---- Threads - GMER 2.1 ----

Thread  C:\Windows\system32\svchost.exe [1020:3016]  000007fef6ab0ea8
Thread  C:\Windows\system32\svchost.exe [1020:3020]  000007fef6aa9db0
Thread  C:\Windows\system32\svchost.exe [1020:3048]  000007fef6ab1c94
Thread  C:\Windows\system32\svchost.exe [1020:7092]  000007fef6aaaa10
Thread  C:\Windows\System32\wscript.exe [3704:5236]  000007fefe548d20

---- Processes - GMER 2.1 ----

Library  C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [2940] (GG drive overlay/GG Network S.A.)(2013-12-27 22:28:34)  000000005c080000
Library  C:\Users\Kamilo\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [2940] (GG drive menu/GG Network S.A.)(2  000000005ff80000

---- Files - GMER 2.1 ----

File  C:\Users\Kamilo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000414  18569 bytes
File  C:\Users\Kamilo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00225c  0 bytes
File  C:\Users\Kamilo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00225d  0 bytes
File  C:\Users\Kamilo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00225e  0 bytes
File  C:\Users\Kamilo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00225f  0 bytes
File  C:\Users\Kamilo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_002260  0 bytes
File  C:\Users\Kamilo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_002261  0 bytes
File  C:\Users\Kamilo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_002262  0 bytes
File  C:\Users\Kamilo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_002263  0 bytes
File  C:\Users\Kamilo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_002264  0 bytes
File  C:\Users\Kamilo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_002265  20721 bytes
File  C:\Users\Kamilo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_002266  0 bytes
File  C:\Users\Kamilo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_002267  0 bytes
File  C:\Users\Kamilo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_002268  18098 bytes
File  C:\Users\Kamilo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00226a  22031 bytes
File  C:\Users\Kamilo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00226b  19039 bytes
File  C:\Users\Kamilo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00226c  23767 bytes
File  C:\Users\Kamilo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00226d  18357 bytes
File  C:\Users\Kamilo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00226e  25625 bytes
File  C:\Users\Kamilo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00226f  21761 bytes
File  C:\Users\Kamilo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_002271  22702 bytes
File  C:\Users\Kamilo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_002272  19491 bytes
File  C:\Users\Kamilo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_002273  18586 bytes
File  C:\Users\Kamilo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_002274  22738 bytes
File  C:\Users\Kamilo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_002275  18539 bytes
File  C:\Users\Kamilo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_002276  18831 bytes
File  C:\Users\Kamilo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_002277  17711 bytes
File  C:\Users\Kamilo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_002278  20196 bytes
File  C:\Users\Kamilo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_002279  16657 bytes
File  C:\Users\Kamilo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00227a  16559 bytes
File  C:\Users\Kamilo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00227b  19280 bytes
File  C:\Users\Kamilo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00227c  20188 bytes
File  C:\Users\Kamilo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00227d  16503 bytes
File  C:\Users\Kamilo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00227f  0 bytes
File  C:\Users\Kamilo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_002280  0 bytes
File  C:\Users\Kamilo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_002281  0 bytes
File  C:\Users\Kamilo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_002282  0 bytes
File  C:\Users\Kamilo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_002283  0 bytes
File  C:\Users\Kamilo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_002284  0 bytes
File  C:\Users\Kamilo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_002285  0 bytes
File  C:\Users\Kamilo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_002286  17315 bytes
File  C:\Users\Kamilo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_002287  18411 bytes
File  C:\Users\Kamilo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_002288  25868 bytes
File  C:\Users\Kamilo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_002289  17692 bytes
File  C:\Users\Kamilo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00228a  23489 bytes
File  C:\Users\Kamilo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00228b  18717 bytes
File  C:\Users\Kamilo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00228c  130259 bytes
File  C:\Users\Kamilo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00228d  17214 bytes
File  C:\Users\Kamilo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00228e  29136 bytes
File  C:\Users\Kamilo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00228f  52472 bytes
File  C:\Users\Kamilo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_002290  22654 bytes
File  C:\Users\Kamilo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_002291  21816 bytes
File  C:\Users\Kamilo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_002293  17431 bytes
File  C:\Users\Kamilo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_002294  18040 bytes
File  C:\Users\Kamilo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_002295  16880 bytes
File  C:\Users\Kamilo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_002296  19172 bytes
File  C:\Users\Kamilo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_002297  17275 bytes
File  C:\Users\Kamilo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_002298  26050 bytes
File  C:\Users\Kamilo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_002299  16772 bytes
File  C:\Users\Kamilo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00229a  20391 bytes
File  C:\Users\Kamilo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00229b  17430 bytes
File  C:\Users\Kamilo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00229c  18552 bytes
File  C:\Users\Kamilo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00229d  16785 bytes
File  C:\Users\Kamilo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00229e  20371 bytes
File  C:\Users\Kamilo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00229f  20334 bytes
File  C:\Users\Kamilo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0022a0  19677 bytes
File  C:\Users\Kamilo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0022a1  17881 bytes
File  C:\Users\Kamilo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0022a2  19684 bytes
File  C:\Users\Kamilo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0022a3  28318 bytes
File  C:\Users\Kamilo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0022a4  17360 bytes
File  C:\Users\Kamilo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0022a5  17000 bytes
File  C:\Users\Kamilo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0017a6  89339 bytes
File  C:\Users\Kamilo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_002269  16668 bytes
File  C:\Users\Kamilo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00227e  0 bytes
File  C:\Users\Kamilo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_002292  17693 bytes
File  C:\Users\Kamilo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_002627  0 bytes
File  C:\Users\Kamilo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_002628  0 bytes

---- EOF - GMER 2.1 ----